CVE-2022-23603: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in server.py

iTunesRPC-Remastered is a Discord Rich Presence application for use with iTunes and Apple Music. In code before commit 24f43aa, user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Category: CVE
Tags: xss, vulnerability, web, apple, perl

Impact

What kind of vulnerability is it? Who is impacted?
This vulnerability is an XSS and improper output encoding vulnerability. AFAIK, only servers are impacted.

Patches

Has the problem been patched? What versions should users upgrade to?
No patched release has been published yet.
As of commit 24f43aa, the issue is fixed in the source tree. No official releases are affected. Commits 7f9dd66, b39ad02, 96cc9f2, 4d0f88b, c29b3c8, 953fd83, 355a474, and 54b02d9 are all still vulnerable.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?
Users can manually add output escaping to both the server and the client, or upgrade to commit 24f43aa.
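The defect class this advisory names (CWE-79 / CWE-116) is a server that interpolates an untrusted value into generated HTML without escaping it. The block below is an added illustration of the workaround, not code from iTunesRPC-Remastered: it shows a hypothetical unescaped renderer next to the hardened form using the standard library's `html.escape`, for both element-text and attribute-value contexts. The sample input is constructed; the function names and the `<p>`/`<a>` markup are assumptions for the demonstration.

```python
import html

# Constructed sample value, not taken from the project: a "track title" that
# happens to contain markup and quote characters.
SAMPLE_TITLE = '<script>alert(1)</script> "Track" & <b>more</b>'


def render_unescaped(title: str) -> str:
    """Hypothetical vulnerable form: the value is dropped straight into the
    HTML, so any markup it carries is rendered by the browser."""
    return f"<p>Now playing: {title}</p>"


def render_escaped(title: str) -> str:
    """Hardened form: escape &, <, >, \" and ' before interpolation so the
    browser shows the characters instead of interpreting them."""
    return f"<p>Now playing: {html.escape(title, quote=True)}</p>"


def render_attribute_escaped(title: str, href: str = "#") -> str:
    """Attribute context needs the same escaping plus a quoted attribute;
    quote=True is what makes embedded quotes unable to close the attribute."""
    safe = html.escape(title, quote=True)
    return f'<a href="{html.escape(href, quote=True)}" title="{safe}">{safe}</a>'


def contains_raw_tag(rendered: str, tag: str = "<script") -> bool:
    """Check used to confirm an escaped render no longer carries a live tag."""
    return tag in rendered


if __name__ == "__main__":
    print("unescaped:", render_unescaped(SAMPLE_TITLE))
    print("escaped:  ", render_escaped(SAMPLE_TITLE))
    print("attribute:", render_attribute_escaped(SAMPLE_TITLE))
```

Note that `html.escape` is only correct for HTML text and quoted attribute values; a value placed inside a `<script>` block or a URL needs context-specific encoding instead, so a fix along these lines should be applied at every point where the server writes user-controlled data into the page.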

For more information

If you have any questions or comments about this advisory:
